From 868fd970e187d39c586565c875837e530c6f7e1b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Pouiller?= Date: Fri, 9 Oct 2020 19:13:07 +0200 Subject: [PATCH] staging: wfx: improve robustness of wfx_get_hw_rate() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Smatch complains: data_tx.c:37 wfx_get_hw_rate() warn: constraint '(struct ieee80211_supported_band)->bitrates' overflow 'band->bitrates' 0 <= abs_rl '0-127' user_rl '' required = '(struct ieee80211_supported_band)->n_bitrates' 23 struct ieee80211_supported_band *band; 24 25 if (rate->idx < 0) 26 return -1; 27 if (rate->flags & IEEE80211_TX_RC_MCS) { 28 if (rate->idx > 7) { 29 WARN(1, "wrong rate->idx value: %d", rate->idx); 30 return -1; 31 } 32 return rate->idx + 14; 33 } 34 // WFx only support 2GHz, else band information should be retrieved 35 // from ieee80211_tx_info 36 band = wdev->hw->wiphy->bands[NL80211_BAND_2GHZ]; 37 return band->bitrates[rate->idx].hw_value; Add a simple check to make Smatch happy. Reported-by: Dan Carpenter Signed-off-by: Jérôme Pouiller Link: https://lore.kernel.org/r/20201009171307.864608-9-Jerome.Pouiller@silabs.com Signed-off-by: Greg Kroah-Hartman --- drivers/staging/wfx/data_tx.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/staging/wfx/data_tx.c b/drivers/staging/wfx/data_tx.c index 8db0be08daf8..41f6a604a697 100644 --- a/drivers/staging/wfx/data_tx.c +++ b/drivers/staging/wfx/data_tx.c @@ -31,6 +31,10 @@ static int wfx_get_hw_rate(struct wfx_dev *wdev, } return rate->idx + 14; } + if (rate->idx >= band->n_bitrates) { + WARN(1, "wrong rate->idx value: %d", rate->idx); + return -1; + } // WFx only support 2GHz, else band information should be retrieved // from ieee80211_tx_info band = wdev->hw->wiphy->bands[NL80211_BAND_2GHZ];